Authenticating HTTP request through URL

Question

I need to retrieve the page https://server_addr:8080/v1/profile/+18017629094. The authentication credentials are username=+18016364708 and password=Wmsb7Ii00MHyqLAKlyIl+e0n.

I tried https://server_addr:8080/v1/profile/+18017629094?login=+18016364708&password=Wmsb7Ii00MHyqLAKlyIl+e0n and a bunch of other patterns like https://+18017629094:Wmsb7Ii00MHyqLAKlyIl+e0n@server_addr:8080/v1/profile/+18017629094. It still asks for the credentials.

How can I authenticate through the URL itself?

Answer 1

Since your username and password contain reserved characters like +, have you tried URL encoding your username and password in the URL?

So in your case, +18017629094 becomes %2B18017629094 and Wmsb7Ii00MHyqLAKlyIl+e0n becomes Wmsb7Ii00MHyqLAKlyIl%2Be0n.

Answer 2

Use of the format "user:password" in the userinfo field is deprecated by RFC 3986. Some modern browsers therefore no longer support URL encoding of basic access credentials. Applications should not render as clear text any data after the first colon (":") character found within a userinfo sub component. A password appearing within the userinfo component is deprecated and considered an error or simply ignored. It would be safer to utilise the HTTP Authorization request header containing the credentials to authenticate a user agent with a server as

Authorization: <type> <credentials>

For example, Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

Or, alternatively, as you have already tried, you can append the user credentials to the URL as query parameters, but it will require you to implement your own user authentication logic on the server side.